Static task
static1
General
Target: f73c0eba7b27b068e3007737f588bd10_JaffaCakes118
Size: 15KB
MD5: f73c0eba7b27b068e3007737f588bd10
SHA1: 1a100afafd43c7af5fdc1268ec48139be796962f
SHA256: 906d690e36d899a6ac8664375e30c7a398a22d1e3ae29d8c3a77764a63bbd1a9
SHA512: f6d14ef2c84e827efa389a2ef26ff1773a67b60bafd36aaac5bce9f20b9e1a9ddf0fb1b0075837d76c33ed407740cd84c456e89977cd7977f0346f13c33da5a7
SSDEEP: 192:04HKSSSSSSSSSIHsbul8HCNc/wt+7bWx+NZYoJxRYwaoP/Q+e2wusXmEoeyIH:vwjlICOYt+O+NZYovaKIH1hZoey
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f73c0eba7b27b068e3007737f588bd10_JaffaCakes118
Files
f73c0eba7b27b068e3007737f588bd10_JaffaCakes118.sys windows:4 windows x86 arch:x86
c2b81de38dadea1d990848ce3c1d1db8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwOpenThread
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenProcess
ZwDeleteFile
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 630B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 568B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ